Insiders may act to sustain and improve organizational information security, yet our knowledge of what motivates them to do so remains limited. For example, most extant research relies on mere portions of protection motivation theory (PMT) and has focused on isolated behaviors, thus limiting the generalizability of findings to isolated issues, rather than addressing the global set of protective security behaviors. Here, we investigate the motivations surrounding this larger behavioral set by assessing maladaptive rewards, response costs, and fear alongside traditional PMT components. We extend PMT by showing that: (1) security education, training, and awareness (SETA) efforts help form appraisals; (2) PMT's applicability to organizational rather than personal contexts depends on insiders' organizational commitment levels; and (3) response costs provide the link between PMT's appraisals. We show in detail how organizational commitment is the mechanism through which organizational security threats become personally relevant to insiders and how SETA efforts influence many PMT-based components. > >
Protecting information from a variety of security threats is a daunting organizational activity. Organization managers must recognize the roles that organization insiders have in protecting information resources rather than solely relying upon technology to provide this protection. Unfortunately, compared to negative insider behaviors, the extant literature provides sparse coverage of beneficial insider activities. The few beneficial activities in the literature represent only a small portion of the diverse collection of insiders' protective actions. This research focuses on protection-motivated behaviors (PMBs), which are volitional behaviors enacted by organization insiders to protect (1) organizationally relevant information and (2) the computer-based information systems in which the information is stored, collected, disseminated, and/or manipulated from information security threats. Based on systematics, we propose a six-step methodology of qualitative and quantitative approaches to develop a taxonomy and theory of diversity for PMBs. These approaches integrate the classification techniques of multidimensional scaling (MDS), property fitting (ProFit), and cluster analyses. We leverage these techniques to identify and display how insiders collectively classify 67 unique PMBs and their homogeneous classes. Our taxonomy provides researchers and practitioners a comprehensive guide and common nomenclature for PMBs. Our methodology can be similarly used to create other theories of diversity.